Description
slides
https://github.com/star-sg/OBO/blob/main/2024/Day 2/The Forgotten Treasure In Classic Targets.pdf
https://offbyone.sg

As is well known, there are numerous mature fuzz testing tools on the market, including iconic ones like AFLplusplus for general-purpose targets and syzkaller for the Linux kernel.
However, despite the continuous, round-the-clock efforts of these powerful fuzzers against these targets, several longstanding vulnerabilities have been exposed in recent years, posing significant privilege escalation risks.
This suggests that many secrets still lie deep within the code, beyond the reach of fuzzing techniques.
Therefore, by investigating the pain points of fuzzers and conducting manual code audits targeted at high-value objectives such as the Linux kernel and the RCE-relevant media decoders on mobile devices, we have successfully uncovered dozens of high-value vulnerabilities.
These vulnerabilities, which are not easily detected by existing fuzzers, may enable privilege escalation to obtain root access. Through analysis of these vulnerabilities, we have devised methods to enhance fuzzers and discovered multiple new 0-days.